In August, an alert shopper noticed something a little strange about an ATM near the popular outdoor Portland Saturday Market in Portland, Ore. A thief had attached a skimmer -- a device that "skims" your debit or credit card number for fraudulent purposes -- to the ATM. The shopper alerted market security, but no one knows how long the skimmer was attached or how many credit card numbers were taken.
The idea of debit or credit card fraud can strike cold fear into even the most tech-savvy consumer. Once someone possesses your credit card or debit card number, you're looking at a passel of phone calls to your card issuer, filling out police reports and possibly a delay before the issuer credits your account.
Review these mistakes to avoid becoming a victim of debit or credit card fraud.
Failing to Look for Skimmers
Thieves may attach skimming devices to the exterior of an ATM or point-of-sale terminals requiring a PIN, or personal identification number. It's worth the few seconds it takes to glance before you swipe.
"Always take a look at the machine to see if there (are) any visible traces of activity, such as glue or scuff marks or loose bits around the PIN pad or the place where you insert your card," says Manisha Thakor, co-author of "On My Own Two Feet: A Modern Girl's Guide to Personal Finance." "Those are telltale signs that an attempt may have been made to attach a skimmer."
She says you should pay close attention when you're visiting an ATM in a low-traffic locale, where it's easier for someone to attach a device. When in doubt, use a different ATM.
Banking Online in a Cafe
You may have free Wi-Fi access at your favorite coffee shop, but you might not want to use it to check the balance in your savings account. If you're using an open wireless network, it's easier for hackers to intercept online transactions, passwords and other private business. "It's not the time to do financial business, your online banking or your shopping," says Marian Merritt, a Norton Internet safety advocate at Symantec, a manufacturer of security software.
That goes for websites that start with HTTP and HTTPS as well because you don't know how securely the coffee shop, hotel or other free Internet access point is set up. Hackers can set up "man in the middle" attacks to grab your passwords, card number and other information while you're on the public network. So enjoy the latte and save checking your credit card statement for later.
Responding to Phishing Messages
If you receive a text message on your phone from your bank, and it asks you to log into your card account immediately -- but you didn't contact the bank -- raise your mental drawbridge. The same goes for a message that arrives via Facebook, Twitter or any other mode of communication.
"Any unsolicited phone call, email, text or social media message could be a phishing attempt," says Erik Mueller, vice president of payment system integrity at MasterCard Worldwide. "Be skeptical of these messages, especially if they request credit or debit card data or personal information, or link to another website or Web page." With the right data, a phisher will quickly find a way to commit credit card fraud.
If you think the message might be legitimate or you have concerns about fraud, contact your issuer directly using the customer service phone number on the back of your debit or credit card.
Ignoring Your Rights and Responsibilities
If you've lost your credit or debit card, suspect it was stolen or think someone has lifted your number off the Internet, call your card issuer immediately. Credit cards offer the greatest protection against fraud. Most card issuers provide zero-liability fraud protection, and federal law says once you report the loss or theft, you have no further responsibility for unauthorized charges. Your maximum liability under federal law is $50 per card.
With debit cards, your responsibilities and rights change. While you may have zero-liability fraud protection on your debit card, it may not apply to PIN-based transactions or ATM withdrawals. Federal law also has some caveats when it comes to debit card fraud protection. If someone made fraudulent purchases with the debit card data and you don't report the theft immediately, your liability could skyrocket, especially if you wait longer than 60 days to report it. In addition, if a thief uses your debit card to drain your bank account, you'll be short on cash while your bank investigates.
Not Using Free Fraud Protection
Additional fraud protection is available for free by numerous card issuers and financial institutions, though most require a little investigation or enrollment. For example, the Verified by Visa program sets up Visa cardholders with an additional password they can use to shop at participating online merchants. MasterCard SecureCode works similarly. It requires the user to enter the correct PIN during checkout at a participating online retailer.
Another option: Try one-time or "virtual" credit card numbers, which are offered by some banks such as Citibank and Bank of America. These numbers are used for only one purchase and then are no longer usable -- so you don't have to worry they'll be swiped and reused by a fraudulent user.
You can also minimize debit and credit card fraud by making use of free account alerts, which notify you when certain transactions or changes occur, such as a transaction for more than a certain dollar amount or a purchase made overseas.
Check your bank or card issuer's site to find out whether they participate in these programs and services.